Stowage/go
2
0
Fork 0
mirror of https://github.com/golang/go.git synced 2025-10-19 19:13:18 +00:00
Code Issues Projects Releases Packages Wiki Activity

cmd/internal/obj/arm64: add support for PAC instructions

Browse source 
Add support for the Pointer Authentication Code instructions
required for the ELF ABI when enabling PAC aware binaries.

This allows for assembly writers to add PAC instructions where needed to
support this ABI. Follow up work is to enable the compiler to emit these
instructions in the appropriate places.

The TL;DR for the Linux ABI is that the prologue of a function that
pushes the link register (LR) to the stack, signs the LR with a key
managed by the operating system and hardware using a PAC instruction,
like "paciasp". The function epilog, when restoring the LR from the
stack will verify the signature, using an instruction like "autiasp".

This helps prevents attackers from modifying the return address on the
stack, a common technique for ROP attacks.

Details on PAC can be found here:
  - https://community.arm.com/arm-community-blogs/b/architectures-and-processors-blog/posts/enabling-pac-and-bti-on-aarch64
  - https://developer.arm.com/documentation/109576/0100/Pointer-Authentication-Code

The ABI details can be found here:
  - https://github.com/ARM-software/abi-aa/blob/main/aaelf64/aaelf64.rst

Change-Id: I4516ed1294d19f9ff9d278833d542821b6642aa9
Reviewed-on: https://go-review.googlesource.com/c/go/+/676675
Reviewed-by: Cherry Mui <cherryyz@google.com>
Reviewed-by: Joel Sing <joel@sing.id.au>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
This commit is contained in:
Bill Roberts 2025-09-08 11:31:22 -05:00 committed by Cherry Mui
parent 4dbf1a5a4c
commit 11d3d2f77d
5 changed files with 51 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

8
src/cmd/asm/internal/asm/testdata/arm64.s vendored
View file

@ -1894,4 +1894,12 @@ next:
BTI J // 9f2403d5
BTI JC // df2403d5
// Pointer Authentication Codes (PAC)
PACIASP // 3f2303d5
AUTIASP // bf2303d5
PACIBSP // 7f2303d5
AUTIBSP // ff2303d5
AUTIA1716 // 9f2103d5
AUTIB1716 // df2103d5
END

6
src/cmd/asm/internal/asm/testdata/arm64error.s vendored
View file

@ -422,4 +422,10 @@ TEXT errors(SB),$0
SHA1H V1.B16, V2.B16 // ERROR "invalid operands"
BTI // ERROR "missing operand"
BTI PLDL1KEEP // ERROR "illegal argument"
PACIASP C // ERROR "illegal combination"
AUTIASP R2 // ERROR "illegal combination"
PACIBSP R0 // ERROR "illegal combination"
AUTIBSP C // ERROR "illegal combination"
AUTIA1716 $45 // ERROR "illegal combination"
AUTIB1716 R0 // ERROR "illegal combination"
RET

6
src/cmd/internal/obj/arm64/a.out.go
View file

@ -1020,6 +1020,12 @@ const (
AWORD
AYIELD
ABTI
APACIASP
AAUTIASP
APACIBSP
AAUTIBSP
AAUTIA1716
AAUTIB1716
ALAST
AB = obj.AJMP
ABL = obj.ACALL

6
src/cmd/internal/obj/arm64/anames.go
View file

@ -537,5 +537,11 @@ var Anames = []string{
"WORD",
"YIELD",
"BTI",
"PACIASP",
"AUTIASP",
"PACIBSP",
"AUTIBSP",
"AUTIA1716",
"AUTIB1716",
"LAST",
}

25
src/cmd/internal/obj/arm64/asm7.go
View file

@ -3017,6 +3017,13 @@ func buildop(ctxt *obj.Link) {
oprangeset(ANOOP, t)
oprangeset(ADRPS, t)
oprangeset(APACIASP, t)
oprangeset(AAUTIASP, t)
oprangeset(APACIBSP, t)
oprangeset(AAUTIBSP, t)
oprangeset(AAUTIA1716, t)
oprangeset(AAUTIB1716, t)
case ACBZ:
oprangeset(ACBZW, t)
oprangeset(ACBNZ, t)
@ -7016,6 +7023,24 @@ func (c *ctxt7) op0(p *obj.Prog, a obj.As) uint32 {
case ASEVL:
return SYSHINT(5)
case APACIASP:
return SYSHINT(25)
case AAUTIASP:
return SYSHINT(29)
case APACIBSP:
return SYSHINT(27)
case AAUTIBSP:
return SYSHINT(31)
case AAUTIA1716:
return SYSHINT(12)
case AAUTIB1716:
return SYSHINT(14)
}
c.ctxt.Diag("%v: bad op0 %v", p, a)